(RADIATOR) Inquiries

Hugh Irvine hugh at open.com.au
Sun Aug 17 21:00:13 CDT 2003


Hello Loai -

Thanks for sending the configuration and debug.

On Sunday, Aug 17, 2003, at 23:07 Australia/Melbourne, Loai Marashdeh 
wrote:

> Hi everybody, can anyone help with these issues?
>  
> 1. How can I get the plain text password? Whenever I request the 
> password it gives me the encrypted password.
> I need it because I want to make a stored procedure and send the 
> authentication to the
> SQL Server (e.g. AuthSelect exec AuthStProc username,password).
>  

You can use the %P special character for the plaintext password (this 
will only work with PAP authentication).

> 2. In our old RADIUS system, we have groups for a specified number of 
> pools. How can I make a group to collect these pools as when a user 
> connects with a group number, he will be assigned an IP Address from 
> these specified pools for this group.
>  

How do you know when a user is part of a particular group? If it is a 
field in the database, you could use the group value as the PoolHint 
for the AuthBy DYNADDRESS after retrieving it from the database.

In fact now that I look at your configuration file and debug I see that 
you have done this and it also appears to be working fine.

> 3. When I Authenticate a user, I take a field from the database called 
> csntgroup, this identifies the group number of the user, I need this 
> number to be stored in the accounting table (RADIUS called here), I 
> tried different ways but it returned Null.
> Is it a proper way to use the pools as groups as I have used, or is 
> there a better way? I also need it in the Failed Attempts table.
>  

It would be simpler if you put the "csntgroup" into a Class attribute 
and used that for both the PoolHint and for the accounting.

Ie.

	<AuthBy SQL>
		DBSource dbi:ODBC:radiator
		DBUsername xxx
		DBAuth xxx
		NoDefault
		#IgnoreAccounting

		RcryptKey   mysecret
		#RcryptKey   des_set_key
		AuthSelect if exists (select * from Accounts a , SessionsAndIPs s where a.username=s.username \
			and s.USERNAME=%0 and statusid='0') \
			select PASSWORD,maxsessions,fixedipaddress,csntgroup from accountsview where USERNAME=%0 and statusid='0' \
			else \
			select PASSWORD,1 as maxsessions,fixedipaddress,csntgroup from accountsview where USERNAME=%0 and statusid='0'

		#AuthColumnDef 0, PASSWORD, check
		AuthColumnDef 0, User-Password, check
		#AuthColumnDef 1, GENERIC, check
		#AuthColumnDef 2, GENERIC, reply
		AuthColumnDef 1, Simultaneous-Use, check
		AuthColumnDef 2, Framed-IP-Address, reply

		AuthColumnDef 3, Class, reply

		AccountingTable	RADIUS
		AcctColumnDef DATE,Timestamp,integer-date,%m/%d/%Y
		AcctColumnDef TIME,Timestamp,integer-date,%H:%M:%S
		AcctColumnDef [USER-NAME],User-Name
		AcctColumnDef [Group-Name],Group1
		AcctColumnDef [ACCT-STATUS-TYPE],Acct-Status-Type
		AcctColumnDef [ACCT-SESSION-ID],Acct-Session-Id
		AcctColumnDef [ACCT-SESSION-TIME],Acct-Session-Time,integer
		AcctColumnDef [ACCT-INPUT-PACKETS],Acct-Input-Packets,integer
		AcctColumnDef [ACCT-OUTPUT-PACKETS],Acct-Output-Packets,integer
		AcctColumnDef [FRAMED-IP-ADDRESS], Framed-IP-Address
		#AcctColumnDef [ACCTDELAYTIME],Acct-Delay-Time,integer
		#AcctColumnDef [NASIDENTIFIER],NAS-IP-Address
		AcctColumnDef [Calling-Station-Id],Calling-Station-Id
		AcctColumnDef [NAS-PORT],NAS-Port,integer
		AcctColumnDef [ACCT-TERMINATE-CAUSE],Acct-Terminate-Cause
		#AcctColumnDef [ACCTTERMINATECAUSE],Ascend-Disconnect-Cause

		AcctColumnDef CLASS, Class

		AcctInsertQuery If ('%{Framed-IP-Address}'<>'') \
			begin insert into %0 (%1) values (%2) end
	</AuthBy>

.....
	
	<AuthBy DYNADDRESS>
		AddressAllocator SQLAllocator
		PoolHint %{Reply:Class}
	</AuthBy>


> 4. How can I get the attributes (Acct-Input-Packets and 
> Acct-Output-Packets)? When I request them it gives me a value of Null.
> By default the radiator gives the Acct-Input-Octets and 
> Acct-Output-Octets. I inserted these attributes with radpwtst utility 
> and it worked, but why the Acct-Input-Octets and Acct-Output-Octets 
> works without inserting them with radpwtst?
>  

The Acct-Input-Octets and Acct-Output-Octets attributes are reported by 
the NAS in the accounting stop. If the NAS sends those attributes they 
will be inserted in the database - if the NAS does not send them then 
there is nothing to insert.

> 5. There is a warning message:" WARNING: No such attribute PoolHint", 
> why it gives me this message?
>  

See above comment regarding using the Class attribute instead (PoolHint 
is not a radius attribute, so Radiator issues a warning).

> I used this command:
> D:\Perl\bin>perl radpwtst -user mikem -password fred 
> Acct-Terminate-Cause=1 Acct-Input-Packets=12
> Acct-Output-Packets=1234
>  
> We are testing the product using the radpwtst utility, Radiator 
> 3.6 (evaluation version), Windows 2000 Advanced Server, MSSQL Server 
> 2000.
> Attached the radius.cfg file and the last log trace.
>  
>  Your support is appreciated.
>  

regards

Hugh


NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
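
Added example (not part of the original message and not Radiator code): why a plaintext password such as %P exists only for PAP. With PAP the NAS hides User-Password reversibly (RFC 2865 section 5.2), so the server can undo it with the shared secret; with CHAP the NAS sends only an MD5 response, which the server can check against a stored password but cannot invert. The password "fred" comes from the radpwtst command quoted above; the shared secret, Request Authenticator and challenge are constructed values.

```python
import hashlib
import hmac

def _md5(data: bytes) -> bytes:
    return hashlib.md5(data).digest()

def pap_hide(password: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """NAS side: hide User-Password as RFC 2865 section 5.2 specifies."""
    if len(password) > 128:
        raise ValueError("User-Password is limited to 128 octets")
    size = max(16, -(-len(password) // 16) * 16)   # pad to a multiple of 16
    padded = password.ljust(size, b"\x00")
    hidden, prev = b"", request_auth
    for i in range(0, size, 16):
        mask = _md5(secret + prev)                 # b1 = MD5(S + RA), bi = MD5(S + c(i-1))
        prev = bytes(p ^ m for p, m in zip(padded[i:i + 16], mask))
        hidden += prev
    return hidden

def pap_recover(hidden: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """Server side: the same masks undo the XOR, yielding the plaintext."""
    if not hidden or len(hidden) % 16:
        raise ValueError("hidden User-Password must be a multiple of 16 octets")
    plain, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        plain += bytes(c ^ m for c, m in zip(block, _md5(secret + prev)))
        prev = block
    return plain.rstrip(b"\x00")

def chap_response(chap_id: int, password: bytes, challenge: bytes) -> bytes:
    """NAS/client side: CHAP sends MD5(id + password + challenge) only."""
    return _md5(bytes([chap_id]) + password + challenge)

def chap_verify(chap_id: int, stored_password: bytes,
                challenge: bytes, response: bytes) -> bool:
    """Server side: needs its own copy of the password; nothing to decrypt."""
    expected = chap_response(chap_id, stored_password, challenge)
    return hmac.compare_digest(expected, response)

# Constructed sample values (not taken from the page).
SECRET = b"constructed-shared-secret"
REQUEST_AUTH = bytes(range(16))
CHALLENGE = bytes(range(16, 32))

if __name__ == "__main__":
    hidden = pap_hide(b"fred", SECRET, REQUEST_AUTH)
    print("PAP recovered:", pap_recover(hidden, SECRET, REQUEST_AUTH))
    resp = chap_response(1, b"fred", CHALLENGE)
    print("CHAP verified:", chap_verify(1, b"fred", CHALLENGE, resp))
```

Because the PAP plaintext is recoverable by anything holding the shared secret, a query or stored procedure that receives it should be treated as handling a live credential.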
